Sherman's Security Blog
I am Sherman Hand (also known as Policysup). I have created this blog and will use a part of my day to write about what is going on in the world. I hope to discuss things in a down-to-earth and practical way. I hope to hear back from you on your thoughts. I do not in any way intend to speak for my employer. The content of this blog will be either opinions that are strictly mine, general observations, reposts, or information that is already in the public domain.

Researchers have developed a utility that allows victims affected by CryptXXX ransomware to decrypt their files for free.

CryptXXX is one of the newest crypto-ransomware samples to be observed in the wild. It is being delivered to users as a Dynamic-Link Library (DLL) dropped by Bedep, a piece of malware which has the ability to download additional harmful software onto a victim’s computer.

Once it fully installs itself on a victim’s machine, CryptXXX appends the .CRYPT extension to each infected file, displays a ransom message, and asks for US $500 in payment. That demand will double in value if the fee has not been paid within a few days.

CryptXXX can also steal Bitcoins and other information, capabilities which security firm Proofpoint feels might link the ransomware directly to the authors of Angler and Bedep.

Victims of crypto-ransomware have little choice but to pay the ransom in most cases.

Fortunately, researchers at Kaspersky Lab have given users affected by CryptXXX another option.

“The RannohDecryptor utility was initially created to decrypt files, which suffered from Rannoh ransomware,” Kaspersky says in a post. “In time it acquired additional and useful features. Now it can be used to cure your files from CryptXXX activity.”

Victims of the ransomware should download Kaspersky’s utility (available here), open “Settings,” and choose which drive types they want to have scanned. They should then click “Start scan” and choose where the encrypted .CRYPT file lies.

After asking where the original file is located, the decryption tool will look for all other files with the .CRYPT extension and will attempt to decrypt those as well.
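Because the utility asks for both an encrypted .CRYPT file and its original, it helps to know beforehand which encrypted files have a clean copy available. The following sketch is an added example, not part of Kaspersky's tool or the original post; it assumes a backup folder that mirrors the affected drive's layout (a hypothetical setup) and that the original name is the encrypted name with the trailing .CRYPT removed.

```python
import os
import tempfile
from pathlib import Path

CRYPT_EXT = ".crypt"  # extension the article says CryptXXX appends; matched case-insensitively


def find_encrypted(root):
    """Return every file under root whose name ends in .CRYPT, sorted by path."""
    hits = []
    # Unreadable directories are skipped instead of aborting the whole scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(CRYPT_EXT) and len(name) > len(CRYPT_EXT):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def pair_with_originals(root, backup_root):
    """Map each encrypted file to its clean copy in backup_root, or None.

    Assumption (not from the article): backup_root mirrors root's layout.
    """
    root, backup_root = Path(root), Path(backup_root)
    pairs = {}
    for enc in find_encrypted(root):
        rel = enc.relative_to(root)
        original_name = rel.name[: -len(CRYPT_EXT)]  # strip the appended extension
        candidate = backup_root / rel.parent / original_name
        pairs[enc] = candidate if candidate.is_file() else None
    return pairs


def build_demo_tree():
    """Constructed sample data: an affected 'drive' and a partial backup."""
    base = Path(tempfile.mkdtemp())
    drive, backup = base / "drive", base / "backup"
    for rel in ("docs/report.docx.CRYPT", "docs/notes.txt", "pics/photo.jpg.crypt"):
        (drive / rel).parent.mkdir(parents=True, exist_ok=True)
        (drive / rel).write_bytes(b"constructed sample")
    (backup / "docs").mkdir(parents=True)
    (backup / "docs" / "report.docx").write_bytes(b"constructed clean copy")
    return drive, backup


if __name__ == "__main__":
    drive, backup = build_demo_tree()
    for enc, orig in pair_with_originals(drive, backup).items():
        print(f"{enc} -> {orig if orig else 'no clean copy found'}")
```

Any encrypted file that maps to a clean copy is a candidate pair to point the decryptor at; files mapped to `None` have no original under the assumed backup layout.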

Ransomware infections pose a significant threat to users’ and organizations’ data. Fortunately, people can take certain steps to protect themselves against variants like CryptXXX.